WO2007121190A3 - Method and apparatus for binding multiple authentications - Google Patents

Publication number
WO2007121190A3
Authority
WO
Grant status
Application
Patent type
Prior art keywords
peer
authentications
authentication server
authentication
unique identifier
Prior art date
Application number
PCT/US2007/066344
Other languages
French (fr)
Other versions
WO2007121190A2 (en)
Inventor
Lakshminath Reddy Dondeti
Vidya Narayanan
Original Assignee
Lakshminath Reddy Dondeti
Vidya Narayanan
Qualcomm Inc
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0815 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

Techniques for binding multiple authentications for a peer are described. In one design, multiple authentications for the peer may be bound based on a unique identifier for the peer. The unique identifier may be a pseudo-random number and may be exchanged securely between the peer, an authentication server, and an authenticator in order to prevent a man-in-the-middle attack. Data for all authentications bound by the unique identifier may be exchanged securely based on one or more cryptographic keys generated by all or a subset of these authentications. In another design, multiple levels of security may be used for multiple authentications for a peer. The peer may perform a first authentication with a first authentication server and obtain a first cryptographic key and may also perform a second authentication with the first authentication server or a second authentication server and obtain a second cryptographic key. The peer may thereafter securely exchange data using the two keys using nested security.
PCT/US2007/066344 2006-04-11 2007-04-10 Method and apparatus for binding multiple authentications WO2007121190A3 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US79132106 2006-04-11 2006-04-11
US60/791,321 2006-04-11

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP20070760412 EP2005706B1 (en) 2007-04-10 Method and apparatus for binding multiple authentications
JP2009505578A JP4933609B2 (en) 2006-04-11 2007-04-10 Method and apparatus for tying a plurality of authentication (multiple authentications)
CN 200780008063 CN101395887B (en) 2006-04-11 2007-04-10 Method and apparatus for binding multiple authentications

Publications (2)

Publication Number Publication Date
WO2007121190A2 (en) 2007-10-25
WO2007121190A3 (en) 2008-02-07

Family

ID=38461262

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/066344 WO2007121190A3 (en) 2006-04-11 2007-04-10 Method and apparatus for binding multiple authentications

Country Status (5)

Country Link
US (1) US8607051B2 (en)
JP (2) JP4933609B2 (en)
KR (1) KR100988179B1 (en)
CN (1) CN101395887B (en)
WO (1) WO2007121190A3 (en)

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007138876A1 (en) * 2006-06-01 2007-12-06 Nec Corporation Communication node authentication system and method, and communication node authentication program
WO2008087570A3 (en) * 2007-01-19 2008-10-30 Koninkl Philips Electronics Nv Network configuration via a wireless device
US8547859B2 (en) * 2007-11-15 2013-10-01 Ubeeairwalk, Inc. System, method, and computer-readable medium for authentication center-initiated authentication procedures for a mobile station attached with an IP-femtocell system
US8705442B2 (en) * 2007-11-15 2014-04-22 Ubeeairwalk, Inc. System, method, and computer-readable medium for mobile station authentication and registration via an IP-femtocell
US8341702B2 (en) * 2007-11-01 2012-12-25 Bridgewater Systems Corp. Methods for authenticating and authorizing a mobile device using tunneled extensible authentication protocol
US20090187978A1 (en) * 2008-01-18 2009-07-23 Yahoo! Inc. Security and authentications in peer-to-peer networks
US8655838B2 (en) * 2008-02-20 2014-02-18 At&T Intellectual Property I, L.P. Selection of peers to cluster within a peer-to-peer network
US8850553B2 (en) * 2008-09-12 2014-09-30 Microsoft Corporation Service binding
US9066232B2 (en) * 2009-06-08 2015-06-23 Qualcomm Incorporated Femtocell access control
US8863253B2 (en) 2009-06-22 2014-10-14 Beyondtrust Software, Inc. Systems and methods for automatic discovery of systems and accounts
US9160545B2 (en) * 2009-06-22 2015-10-13 Beyondtrust Software, Inc. Systems and methods for A2A and A2DB security using program authentication factors
US20110007639A1 (en) * 2009-07-10 2011-01-13 Qualcomm Incorporated Methods and apparatus for detecting identifiers
US20110113146A1 (en) * 2009-11-10 2011-05-12 Li Gordon Yong Dynamic quality of service (qos) setup over wired and wireless networks
CN102196438A (en) 2010-03-16 2011-09-21 高通股份有限公司 Communication terminal identifier management methods and device
US9385862B2 (en) * 2010-06-16 2016-07-05 Qualcomm Incorporated Method and apparatus for binding subscriber authentication and device authentication in communication systems
US8839373B2 (en) 2010-06-18 2014-09-16 Qualcomm Incorporated Method and apparatus for relay node management and authorization
US9112905B2 (en) 2010-10-22 2015-08-18 Qualcomm Incorporated Authentication of access terminal identities in roaming networks
US9668128B2 (en) 2011-03-09 2017-05-30 Qualcomm Incorporated Method for authentication of a remote station using a secure element
WO2013140455A1 (en) * 2012-03-22 2013-09-26 富士通株式会社 Ad-hoc network system, node, and communication method
US20130305378A1 (en) * 2012-05-09 2013-11-14 Visa Europe Limited Method and system for establishing trust between a service provider and a client of the service provider
US9954679B2 (en) * 2014-03-05 2018-04-24 Qualcomm Incorporated Using end-user federated login to detect a breach in a key exchange encrypted channel
WO2015139725A1 (en) * 2014-03-17 2015-09-24 Telefonaktiebolaget L M Ericsson (Publ) User identifier based device, identity and activity management system
DE102017208735A1 (en) 2017-05-23 2018-11-29 Siemens Aktiengesellschaft Method and apparatus for protecting a communication between at least a first communication device and at least one second communication device in particular within a communication network of an industrial manufacturing and / or automation

Citations (1)

Publication number Priority date Publication date Assignee Title
US20050015490A1 (en) * 2003-07-16 2005-01-20 Saare John E. System and method for single-sign-on access to a resource via a portal server

Family Cites Families (17)

Publication number Priority date Publication date Assignee Title
JPH10322328A (en) * 1997-05-20 1998-12-04 Mitsubishi Electric Corp Encryption communication system and encryption communication method
JP2001326632A (en) 2000-05-17 2001-11-22 Fujitsu Ltd Distribution group management system and method
WO2002057917A3 (en) * 2001-01-22 2003-04-24 Sun Microsystems Inc Peer-to-peer network computing platform
JP2002335239A (en) 2001-05-09 2002-11-22 Nippon Telegr & Teleph Corp <Ntt> Method and system device for authenticating single sign-on
US7350076B1 (en) 2001-05-16 2008-03-25 3Com Corporation Scheme for device and user authentication with key distribution in a wireless network
JP3969153B2 (en) 2002-03-28 2007-09-05 日本電気株式会社 Terminal authentication system, a terminal authentication apparatus, and a terminal authentication program
JP4261952B2 (en) * 2003-03-27 2009-05-13 株式会社富士通ソーシアルサイエンスラボラトリ Identification system and program using the portable devices
JP2004355562A (en) * 2003-05-30 2004-12-16 Asia Pacific System Research Co Ltd Apparatus authentication system
US7509491B1 (en) * 2004-06-14 2009-03-24 Cisco Technology, Inc. System and method for dynamic secured group communication
US20060002557A1 (en) 2004-07-01 2006-01-05 Lila Madour Domain name system (DNS) IP address distribution in a telecommunications network using the protocol for carrying authentication for network access (PANA)
JP2006039206A (en) * 2004-07-27 2006-02-09 Canon Inc Ciphering device and deciphering device
US7596690B2 (en) * 2004-09-09 2009-09-29 International Business Machines Corporation Peer-to-peer communications
DE102004045147A1 (en) * 2004-09-17 2006-03-23 Fraunhofer-Gesellschaft Institute For Secure Telecooperation (Fhg Sit) Setting-information distribution apparatus, method, program, and medium authentication setting transfer device, method, program, and medium, and setting-information receiving program
US8166296B2 (en) 2004-10-20 2012-04-24 Broadcom Corporation User authentication system
US8037514B2 (en) * 2005-03-01 2011-10-11 Cisco Technology, Inc. Method and apparatus for securely disseminating security server contact information in a network
US8006089B2 (en) * 2006-02-07 2011-08-23 Toshiba America Research, Inc. Multiple PANA sessions
US8239671B2 (en) * 2006-04-20 2012-08-07 Toshiba America Research, Inc. Channel binding mechanism based on parameter binding in key derivation

Patent Citations (1)

Publication number Priority date Publication date Assignee Title
US20050015490A1 (en) * 2003-07-16 2005-01-20 Saare John E. System and method for single-sign-on access to a resource via a portal server

Non-Patent Citations (1)

Title
WILLIAM JOSEPHSON ET AL: "Peer-to-Peer Authentication with a Distributed Single Sign-On Service", INTERNATIONAL WORKSHOP ON PEER-TO-PEER SYSTEMS, XX, XX, 26 February 2004 (2004-02-26), pages 1 - 6, XP002425458 *

Also Published As

Publication number Publication date Type
KR100988179B1 (en) 2010-10-18 grant
CN101395887B (en) 2013-02-13 grant
JP2009533771A (en) 2009-09-17 application
JP4933609B2 (en) 2012-05-16 grant
JP2012113723A (en) 2012-06-14 application
US8607051B2 (en) 2013-12-10 grant
EP2005706A2 (en) 2008-12-24 application
US20080040606A1 (en) 2008-02-14 application
WO2007121190A2 (en) 2007-10-25 application
CN101395887A (en) 2009-03-25 application
KR20080108130A (en) 2008-12-11 application
JP5410499B2 (en) 2014-02-05 grant

Similar Documents

Publication Publication Date Title
US20080240447A1 (en) System and method for user authentication with exposed and hidden keys
Hsiang et al. Weaknesses and improvements of the Yoon–Ryu–Yoo remote user authentication scheme using smart cards
US20090282253A1 (en) Network helper for authentication between a token and verifiers
Tsai Efficient multi-server authentication scheme based on one-way hash function without verification table
Awasthi Comment on a dynamic ID-based remote user authentication scheme
WO2009002599A3 (en) Electronically securing an electronic device using physically unclonable functions
Tsai et al. New dynamic ID authentication scheme using smart cards
CN101609495A (en) Electronic document digital rights management method
Lin et al. A new strong-password authentication scheme using one-way hash functions
Scott Cryptanalysis of an ID-based password authentication scheme using smart cards and fingerprints
CN101431410A (en) Authentication method for network game client and server cluster
CN1805341A (en) Network authentication and key allocation method across secure domains
EP2639997A1 (en) Method and system for secure access of a first computer to a second computer
Chen et al. Mobile device integration of a fingerprint biometric remote authentication scheme
CN101030859A (en) Method and system for verifying distributed network
CN101282222A (en) Digital signature method based on CSK
Dacosta et al. Trust no one else: Detecting MITM attacks against SSL/TLS without third-parties
CN1252198A (en) Administration and utilization of secret fresh random numbers in networked environment
Liao et al. A novel multi-server remote user authentication scheme using self-certified public keys for mobile clients
Lai et al. Applying semigroup property of enhanced Chebyshev polynomials to anonymous authentication protocol
Chung et al. Weaknesses and improvement of Wang et al.'s remote user password authentication scheme for resource-limited environments
Juang et al. Efficient password authenticated key agreement using bilinear pairings
Yoo et al. A security-performance-balanced user authentication scheme for wireless sensor networks
WO2008099756A1 (en) Client device, key device, service providing device, user authentication system, user authentication method, program, and recording medium
Kumari et al. Design of a provably secure biometrics-based multi-cloud-server authentication scheme

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 07760412; Country of ref document: EP; Kind code of ref document: A2)
WWE WIPO information: entry into national phase (Ref document number: 4292/CHENP/2008; Country of ref document: IN)
WWE WIPO information: entry into national phase (Ref document number: 200780008063.X; Country of ref document: CN)
NENP Non-entry into the national phase in: (Ref country code: DE)
WWE WIPO information: entry into national phase (Ref document number: 2009505578; Country of ref document: JP)